Published on January 13th, 2017
New Ransomware SPORA Encrypts Your Data Offline
Security researchers have found a new ransomware family, SPORA, that is designed to encrypt your data offline. Spora does not rename the encrypted files. It currently targets Russian users and spreads via spam emails that mimic invoices. It was first spotted on the Bleeping Computer and Kaspersky forums.
Spora ransomware uses the .HTA (HTML Application) file format with double extensions such as Doc.HTA or PDF.HTA, where one of the extensions is hidden. When the victim clicks on the HTA file, it extracts a JavaScript file named Close.js and saves it into the %TEMP% folder.
The HTA file also extracts and executes a DOCX file. This file is corrupted and shows an error.
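A mail-gateway style check for the double-extension lure described above (names ending in Doc.HTA or PDF.HTA), added here as an example and not taken from the original article or from any vendor's tooling. The extension sets, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption: the page names only Doc.HTA and PDF.HTA; these wider sets are illustrative.
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "rtf"}
ACTIVE_EXTS = {"hta", "js", "jse", "vbs", "wsf", "scr", "exe"}

# Constructed sample message (not real traffic): one lure, one benign attachment.
SAMPLE = """\
From: billing@example.test
Subject: Invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_0117.PDF.HTA"

AAAA
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="terms.v2.pdf"

AAAA
--b1--
"""

def double_extension(filename):
    """Return (decoy, active) if the name ends in <decoy>.<active>, else None."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return None
    decoy, active = parts[-2], parts[-1]
    if decoy in DECOY_EXTS and active in ACTIVE_EXTS:
        return decoy, active
    return None

def flag_attachments(raw_message):
    """Return attachment names in a MIME message that use a decoy double extension."""
    msg = message_from_string(raw_message)
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and double_extension(n)]

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```

Names with several dots, such as terms.v2.pdf, are not flagged because only the last two components are compared.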
Spora doesn't target a large number of files. The current version of Spora only goes after files with the following file extensions:
.xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, .backup.
The encryption process targets local files and network shares, and does not append any extra file extension at the end of files, leaving file names intact.
Russian version of the note: "All your work and personal files were encrypted" (translation of the red text)
- games
- program files (x86)
- program files
- windows
Screenshot of the Spora ransom payment page
As the image above shows, users can choose what they want to decrypt according to their needs.
The ransomware charges $79 for full decryption. All payments are processed in Bitcoin.
How to protect?
- Do not open any suspicious files.
- Do not click on links from unknown sources.
- Always keep anti-malware software turned on.